Hostile States ‘Pre-Positioning’ for Cyberattacks on Critical Infrastructure, Canadian Security Agency Warns

The Canadian Centre for Cyber Security released its threat assessment for the next two years on Oct. 30, which discusses how adversarial states use the cyber realm to further their interests.

The centre names the People’s Republic of China (PRC) as the top cyber threat to Canada, with other countries like Russia and Iran also involved in malicious online activities.

Those activities span a wide range of strategies, from espionage aimed at stealing secrets and intellectual property, to tracking down dissidents. Hostile actors also continue to develop offensive capabilities to be able to launch cyberattacks in the event of a conflict.

“State-sponsored cyber threat actors are very likely targeting critical infrastructure networks in Canada and allied countries to pre-position for possible future disruptive or destructive cyber operations,” says the report by the cyber centre.

The centre is hosted within the Communications Security Establishment (CSE), Canada’s electronic spying agency. CSE and cyber centre officials spoke to reporters about their threat assessment on Oct. 30, but would not provide details on specific cases involving systems breaches.

The report, based on classified and unclassified sources, uses intelligence analysis methodology to qualify the degree of certainty a phenomena is occurring.

The centre said attempts by state-sponsored cyber threat actors to delete data or manipulate industrial control systems to support military objectives or information campaigns is “almost certainly” occurring—the highest level of certainty used in the assessment.

“We assess that our adversaries very likely consider civilian critical infrastructure to be a legitimate target for cyber sabotage in the event of a military conflict,” says the report.

‘Strategic Shift’

The cyber centre does not identify specific methodologies used by hostile actors, nor the specific targets they seek to compromise, but it indicates Beijing underwent a “strategic shift” to integrate offensive cyber operations into its military planning in the event of a conflict with the United States.

“PRC state-sponsored cyber threat actors, tracked as Volt Typhoon, are almost certainly seeking to pre-position within U.S. critical infrastructure networks for disruptive or destructive cyber attacks in the event of a major crisis or conflict with the U.S,” says the report.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and other agencies like the Canadian cyber centre issued public notices in recent years warning of breaches by Volt Typhoon and recommending actions to mitigate the threat.

Earlier this year, Washington raised the issue directly with Beijing, which has dismissed the allegations.

The cyber centre says the pre-positioning threat posed by Beijing is lower in Canada, but cyberattacks in the U.S could have an impact given how the two countries are interlinked.

“While the focus of future PRC cyber warfare operations will likely be concentrated on the U.S., disruptive or destructive cyber threat activity against integrated North American critical infrastructure, such as pipelines, power grids, and rail lines, would likely affect Canada as well due to cross-border interoperability and interdependence,” says the cyber centre.

While the PRC has been less active in Canada than the U.S. in preparing disruptive cyber attacks, the cyber centre noted in its report that 20 Canadian government networks have been compromised by PRC cyber threat actors in the past four years.

It also said those actors compromised and maintained access to “multiple government networks” in recent years, collecting communications and “other valuable information.”

The cyber centre says all known compromises have been fixed, however “it is very likely that the actors responsible for these intrusions dedicated significant time and resources to learn about the target networks.”